Federal Facial Recognition by Stealth – With Zero Oversight

The FBI and DHS ICE are “misusing” drivers’ license photos to try and catch crims via facial recognition technology. No law directly allows this, we’re told.

ICE refuses to talk about it, and the FBI’s justification seems to amount to “Minority Report”-style precrime. Georgetown Law researchers uncovered the scandal.

Privacy advocates are apoplectic. But others wonder what all the fuss is about. In today’s SB Blogwatch, we sleepwalk into a surveillance state (or something).

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: iPhocintosh.


FBI&ICE <3 DMV

What’s the craic? Drew Harwell reports, “FBI, ICE find state driver’s license photos are a gold mine”:

 Agents are scanning millions of Americans’ faces without their knowledge or consent. [They] have turned state departments of motor vehicles databases into the bedrock of an unprecedented surveillance infrastructure.

The DMV records contain the photos of a vast majority of a state’s residents, most of whom have never been charged with a crime. … Neither Congress nor state legislatures have authorized the development of such a system.

[But] the technology [is] already is tightly woven into the fabric of modern law enforcement … to track down suspects in low-level crimes, including cashing a stolen check and petty theft. And searches are often executed with nothing more formal than an email.

An ICE spokesman declined to answer questions. [FBI] Deputy Assistant Director Kimberly Del Greco … said that facial-recognition technology was critical “to preserve our nation’s freedoms, ensure our liberties are protected, and preserve our security.”

How widespread is this? Catie Edmondson adds, “ICE Used Facial Recognition to Mine State Driver’s License Databases”:

 Over two dozen states allow law enforcement officials to request such searches against their databases of driver’s licenses. … Lawmakers and advocates [say it] is a major privacy violation.

In at least three states that offer driver’s licenses to undocumented immigrants, ICE officials have requested to comb through state repositories of license photos: … Utah … Vermont [and] Washington. … The relationship between Washington’s Department of Licensing and ICE officials may prove to be particularly interesting … because of a law the State Legislature passed in 2012 stipulating that the department could use a facial recognition matching system for driver’s licenses only when authorized by a court order, something ICE did not provide.

Who OK’ed it? Jon Fingas says, “No one approved the creation of this system”:

 There isn’t much consent or accountability for these searches. It’s not clear who’s being targeted or how many searches lead to false hits, let alone that agents are using facial data responsibly.

These lapses create serious concerns for the privacy-conscious.

Yikes. Beth Bourdon—@VirtuallyBeth—is really disturbed:

 This is really disturbing, especially in light of congressional testimony in June where it appears the FBI may not be complying with its constitutional obligation to inform criminal defendants of additional matches, which would support a claim of innocence.

ICYMI, here’s Neema Singh Guliani—“The FBI Has Access to Over 640 Million Photos of Us”:

 At a House Oversight Committee hearing … with an FBI witness, we learned new details that further confirm our fears. … The details also underscore the urgent need for Congress to put the brakes on law enforcement use of this powerful technology.

The FBI’s massive facial recognition apparatus continues to expand and can now match against over 640 million photos. … From October 2017 to April 2019, the FBI ran over 152,000 searches [which] does not even include searches on external databases, like passport photos [or DMV records].

The FBI claims it can use face recognition on individuals without a warrant or probable cause. … The FBI interprets [the law] to cover mere speculation that a crime may be committed in the future.

The FBI doesn’t even track basic statistics to measure the technology’s efficacy. [This] calls into question how they can conclude it has positive law enforcement value.

The FBI cannot even confirm that it complies with its constitutional obligations. … Twice during the hearing, the FBI was specifically asked whether they notified criminal defendants when other individuals also returned as a face recognition match, which could support defendants’ claims that they are innocent [but] could not confirm that this information was always provided.

The FBI won’t reveal information about the companies it has communicated with about face recognition products. … The FBI witness evaded this question, and that is troubling.

But SuperKendall is surprised anyone’s surprised:

 Come on, what did anyone think would happen with drivers license photos? You are submitting them to a government agency.

I am just as sure the FBI is scanning passport photos too. … I lack an understanding of just what I am supposed to be afraid of.

And Jim Sadler sounds sanguine:

 I think it is dandy that people who cash a stolen check can be tracked down and jailed. … Let the light shine in brightly. Let those that have done wrongs sweat in the night knowing that a knock may come at the door.

OTOH, clay_the_ripper molds this nuanced argument:

 Sensible regulations around what the government can do/not do in regards to … facial recognition tech seems like it’s becoming more and more necessary. I am far more worried about privacy invasions/abuse by the government than I am by private companies that seem to get all the press (i.e., Facebook).

1) Facebook can’t arrest me
2) Facebook has no incentive other than targeting me with ads
3) Facebook is actually incentivized to keep this data to themselves now that future competitors will not be able to Hoover up as much data as Facebook did.

Given the choice, I’ll take the lesser of two evils which is a company that is interested in knowing the things I buy and where I go, for the express purpose of selling better ads. But all the press goes to, “Let’s break up big tech.”

I’d be much more interested in stopping the mass surveillance of citizens by an entity that has the power to kill, imprison, subjugate and arrest, rather than an entity that has the power to target me with ads.

One more privacy fear to worry about. Bill McGonigle wonders if the real threat comes from outside the government”:

 One does not achieve security by identifying real threats post hoc; one improves security by reducing attack surfaces at every possible opportunity. Nobody is prescient nor omniscient so it’s impossible to know every way that data can be misused ahead of time.

Once cybercriminals get a download of this database we’ll probably see some really obnoxious applications of the data.

Meanwhile, Redoubts sarcastically rolls their eyes:

 Great, all the downsides of a national ID without any of the benefits.

And Finally:

If the iPhone was created in the style of retro Macs


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hatemail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: U.S. Air Force Airman 1st Class Mya M. Crosby

Featured eBook
Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps

Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps

Digital transformation requires new approaches to security, demanding the protection of machine identities that enable authentication and encryption required for secure machine-to-machine communication. Solving machine identity protection challenges within DevOps environments, requires a fundamentally new approach. Information Security teams must deliver a frictionless, automated solution that allows DevOps engineers to seamlessly provision and manage certificates ... Read More
Venafi

Richi Jennings

Richi is a foolish independent industry analyst, editor, writer, and fan of the Oxford comma. He’s previously written or edited for Computerworld, Petri, Microsoft, HP, Cyren, Webroot, Micro Focus, Osterman Research, Ferris Research, NetApp on Forbes and CIO.com. His work has won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 70 posts and counting.See all posts by richi